public async Task <IHttpActionResult> Discount(int id, decimal discount)
{
if (discount < 1 || discount > 100)
{
return(BadRequest(ModelState));
}
Product product = await _store.GetByIdAsync(id);
if (product == null)
{
return(NotFound());
}
var operation = ProductOperations.GiveDiscount(discount);
if (await _authz.AuthorizeAsync((ClaimsPrincipal)User, product, operation))
{
product.Price -= discount;
await _store.UpdateAsync(product);
return(Ok(product));
}
return(StatusCode(HttpStatusCode.Forbidden));
}
public async Task <IActionResult> Discount(ProductDiscountViewModel model)
{
if (!ModelState.IsValid)
{
return(RedirectToAction("Details", new { model.Id }));
}
Product product = await _store.GetByIdAsync(model.Id);
if (product == null)
{
return(NotFound());
}
var operation = ProductOperations.GiveDiscount(model.Discount);
if (await _authz.AuthorizeAsync(User, product, operation))
{
product.Price -= model.Discount;
await _store.UpdateAsync(product);
return(RedirectToAction("Index"));
}
return(new ChallengeResult());
}
